package sel.me.spring.boot245.web.controller;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import sel.me.spring.boot245.web.domain.base.Result;
import sel.me.spring.boot245.web.domain.login.LoginUserDto;

/**
 * @author shenenlu 2021年06月08日 下午17:25:32
 */
@Slf4j
@RestController
public class TestController {

    @GetMapping("/test")
    public String selectPage(){
        log.info("Handling home");
        return "aaaa";
    }

    @GetMapping("/getUserInfo")
    @PostAuthorize(" returnObject!=null &&  returnObject.username == authentication.name")
    public LoginUserDto getUserInfo() {
        Object pricipal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        LoginUserDto user;
        if("anonymousUser".equals(pricipal)) {
            user = null;
        }else {
            user = (LoginUserDto) pricipal;
        }
        return user;
    }


    /**
     * @PreAuthorize
     * Spring的 @PreAuthorize/@PostAuthorize 注解更适合方法级的安全,也支持Spring 表达式语言，提供了基于表达式的访问控制。
     *
     * 当@EnableGlobalMethodSecurity(prePostEnabled=true)的时候，@PreAuthorize可以使用：
     * @return
     */
    @PostMapping("/initDashboard")
    @PreAuthorize("hasRole('100')")
    public Result<String> initDashboard() {
//        Map<String, Object> result = new HashMap<>();
//        result.put("test", "仪表盘初始化");
//        result.put(ResponseDict.RESPONSE_DATA_KEY, dashboardService.initDashboard());
        return new Result<>("success");
    }


}
